Congressional watchdogs, as well as industry members and feds, called for a cyber national guard, pooled hiring and reforming educational outreach to address the IT skills shortage.
At an April 4 oversight hearing, congressional watchdogs, industry experts and longtime feds called for a cyber national guard, centralized hiring, as well as the reforming and expansion of educational outreach programs to address the IT skills shortage and increase workforce diversity.
The Center for Cyber Safety and Education recently estimated there will be a global shortage of 1.8 million cybersecurity professionals by 2022, and federal cybersecurity workforce issues landed on the Government Accountability Office's 2017 high-risk list.
At the House Oversight Subcommittee on Information Technology hearing, Chairman Will Hurd (R-Texas) pushed the idea of a cyber national guard that would serve public and private entities as a possible remedy.
"The concept is actually quite simple," he said. "This is really a way to… recruit and hire qualified individuals to the federal IT workforce and then retain their skills in the future on a rotational basis."
The challenge, Hurd said, lies in the details for standing it up, and how it would carry out its functions once operational.
"Once they come and work for the government and they go out in the private sector, how do we get them back in on a rotational basis?" he asked. "What are the jobs that would be achieved through that rotational basis?
Steve Cooper, who has served as CIO of the Departments of Commerce and Homeland Security as well as the Federal Aviation Administration, suggested this "cyber reserve corps" could be run jointly by "DHS, the Office of Personnel Management and the Department of Defense."
While the ongoing hiring freeze is "having a pretty significant adverse effect," Cooper said, he suggested revamping the way agencies go about hiring -- and retaining -- cyber specialists would be necessary regardless of the budgetary environment.
"The approach we're taking to hiring cyber talent is well-intended, but it gets in the way of actually filling an awful lot of these vacancies across the federal enterprise and retaining that talent," he said.
Building off the rotational model, Cooper said Congress should allow federal CIOs to pool appropriations money and "team up" to solve IT recruitment problems and tech crises, asking, "why do I have to end up competing with other CIOs" to hire from the same, limited pool?
"DHS is more sexy, DOD attracts a heck of a lot more people than the Department of Commerce," he said. "If we could team up and have a recruiting team… and let them do all the hiring for these folks," it would provide a central recruiting arm to focus on helping agencies get the skill sets they need.
Cooper suggested such a recruiting team could be managed by the General Services Administration, OPM, DHS, DOD or some combination. He also said the business model used by 18F and the United States Digital Service could help agencies with their IT shortcomings.
To prevent talented employees from fleeing to the private sector, Cooper suggested that OPM head an effort to standardize career ladders and work to advance qualified employees when they are ready for a promotion.
Lisa Depew, head of industry and academic outreach at McAfee, said that in order to "systemically fix the problem," educational outreach programs must focus on directing middle and high school students towards tech studies.
She also recommended creating a flexible, community college program in which the government would partially or fully cover tuition in exchange for federal service, as well as expanding the National Science Foundation's CyberCorps Scholarship for Service program.
Rep. Raja Krishnamoorthi (D-Ill.) proposed "potentially opening it up" to include community college students and two-year degree programs.
Debora Plunkett, a strategic advisory board member of the International Consortium of Minority Cybersecurity Professionals, said that expanding educational outreach could help improve the "dismal representation of women and minorities in the cybersecurity field."
"Our greatest tragedy could be our failure to recognize the potential for all Americans to contribute to this workforce deficit," she said.
NEXT STORY: DOJ, DHS could do better at sharing terror info